- Chain Catalyst by Launchy
- Posts
- How to Counter Exploit 120,000 ETH π©π»βπ»
How to Counter Exploit 120,000 ETH π©π»βπ»
Binance Shuffled Billions | BTC Volatility Futures
GM folks ππ» - happy hump day π«
Crypto markets continue to stagnate. FTX's 3rd former exec pleaded guilty to fraud, ameen.eth is playing with fire by teasing a sequel to Tornado Cash, and the wormhole counter hack situation causes a massive dilemma.
In Today's Email:
What Matters: Jump counter hack the Wormhole hacker π€Ί
Case Study: Binance $1.8B asset shuffling π
Governance & Features: Deribit's BTC volatility futures π
Narratives: Stablecoin protocols are back, with MKR and LQTY pumping. Be careful with AI and ZK tokens as they seem to be fading away.
WHAT MATTERS
Jump Counter Hack the Wormhole Hackers π€Ί
State of play: Jump Crypto counter-exploited the hacker that previously exploited Wormhole, a Jump-backed crypto bridging protocol. Jump recovered the entire 120,000 ETH exploited in the original case.
In short, the original exploiter parked the funds on 2 Oasis vaults (related to Maker), to borrow DAI and lever up on ETH.
Jump worked with Oasis to upgrade a proxy contract, allowing them to get control of the stolen funds by paying the debt and recovering the collateral π€
4 of 12 multisig wallets that control the Oasis proxy contracts added an address speculated (with many signs) to be owned by Jump -- in short, this allows the new address to take control of the collateral and debt owned by the original exploiter π€―
Why it matters: It sets a bad precedent and shows once again that DeFi has failed to uphold its ideals. Who controls the smart contracts multisig is often the most overlooked part of decentralization.
Depending on how its structured, government entities can easily identify and force the holders to comply. Turns out, Oasis was ordered by the High Court of England and Wales to help Jump.
Yes, technically Oasis is an entirely separate independent company from Maker, and only acts as a frontend app. If the original exploiter had used a different frontend app, the counter-exploit might have not been possible.
Soooo as much as I love the Wormhole hacker getting pwned, what I donβt love is that MakerDAOβs Oasis Automation has a backdoor that let them seize assets from a user based on a court orderβ¦.
What happens when US courts demand they seize from US users in the future?
β Adam Cochran (adamscochran.eth) (@adamscochran)
10:05 PM β’ Feb 24, 2023
For builders: Be entirely transparent with your user base. Don't try to oversell your level of decentralization, such as what Oasis did here. Trust and transparency go a long way in building products that users really love.
For investors: Understand the multisig structure in your portfolio company. Many projects aren't being deliberate enough with the controls surrounding their multisig, which increases the probability of a negative outcome.
CASE STUDY
How Did Binance Shuffle Its Billions?
State of play: The world's largest crypto exchange quietly moved $1.8B of crypto assets meant to back its customers' stablecoin, without informing the public. Forbes has released a detailed piece explaining the movements of capital.
Patrick Hillmann, Binance's Chief Strategy Officer stated that the movements of assets were simply normal business conduct, and that there was no commingling of funds.
This happened from 17 August 2022 to early December, around the time when FTX imploded. Binance returned the asset by 6 December 2022.
Entities involved in these transactions include Justin Sun, Amber Group, Cumberland, and Alameda Research.
On 24 January 2023, a Binance spokesperson stated that the exchange had previously conducted errors that resulted in the lack of collateral backing and (maybe commingling) of customer funds for its B-tokens.
CZ responded below:
I am reluctantly spending time on FUD again (4). Forbes wrote another FUD article with lots of accusatory questions, with negative spins, intentionally misconstruing facts. They referred to some old blockchain transactions that our clients have done. 1/9
β CZ πΆ Binance (@cz_binance)
7:13 AM β’ Feb 28, 2023
Our take: There's no evidence that the situation at Binance is remotely close to what happened at FTX. However, it's concerning that Binance doesn't provide as much transparency as possible, when strategically it makes perfect sense.
In the current situation, further obfuscation of facts when there are new allegations will only make matters worse.
Binance strategic move is simple: It needs to clean up its operations to the best that it can, admit past mistakes, settle any fines, and move on. Do all these and CZ will still own one of the largest companies in the world.
If you enjoy reading this issue, please consider subscribing. It takes 1 minute of your time but it would mean the world to us π
FEATURES & GOVERNANCE UPDATE
Deribit's Bitcoin Volatility Futures
Instead of a new feature or governance update from a protocol, we think Deribit's new upcoming volatility market deserves the spot.
Deribit plans to launch BTC volatility futures. The largest crypto options market will provide investors with a new way to hedge against market volatility. Futures contract tied to the forward-looking BTC volatility index (DVOL) will be available by the end of March. The original DVOL index was launched in early 2021.
The new product, called BTCDVOL, will be similar to the CBOE's VIX futures.
Initially, there will only be one-month expiry for BTCDVOL, with plans to expand the offering to 5 expiries.
BTCDVOL will be linear futures that are priced, margined, and settled in Circle's USDC.
Why it matters: Volatility products have existed in DeFi, but have never really taken off. Deribit's entrance will provide institutional investors with the market infrastructure and liquidity needed to take the volatility products to the next level.
Until now, there hasn't been an effective way to bet on the level of volatility in crypto. Traders need to construct positions using complicated options strategies.
Other notable feature updates:
Synthetix launches version 3.
Polygon x Eclipse launches SVM, an L2 network.
Audius integrates TikTok.
Uniswap supports NFT purchase with ERC-20.
Avalanche introduces HyperSDK.
Collab Land launches a token.
Coinbase supports EUROC.
Perennial goes live on Arbitrum.
Yearn introduces yETH.
QUICK BITES
DCG reports $1.1B loss in 2022.
Coinbase halts BUSD trading.
SEC subpoenas Robinhood shortly after FTX insolvency.
Forbes reports on Binance's asset shuffling.
Voyager agrees to reserve $445M from Alameda.
Goldman continues blockchain hiring.
FTX Singh pleads guilty, charged by SEC and CFTC with fraud.
Deribit plans to offer BTC volatility futures.
Jane Street maybe connected to UST depeg.
Visa maintains crypto strategy.
French Police arrested Platypus Finance hacker.
Solana plans network upgrade.
MEME & NOTEWORTHY READS
"your eth is on testnet, not mainnet dawg"
β King πΉ (@0xgodking)
8:20 AM β’ Feb 28, 2023
If you enjoy reading this issue, please consider subscribing. It takes 1 minute of your time but it would mean the world to us π
Love this newsletter?
It would mean the world to us if you share it with 1 friend!
Refer a friend and receive our list of βMust Follow Up-and-Coming Crypto Twitter Accountβ π©π»βπ»
Disclaimer: All the information presented in this publication and its affiliates is strictly for educational purposes only. It should not be construed or taken as financial, legal, investment, or any other form of advice.